Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

6 headlines in this view

Showing 6 most recent headlines Filtered view

The Hacker News 4 months ago

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit

More from The Hacker News 3 Feb 2026, 10:12 p.m. Actively exploited CVE-2026-21509 CVE Disclosure Flaw Hacking Malware Microsoft Microsoft Office Nation State Russia Threat Actor Ukraine Zscaler

Bank Info Security 9 months, 3 weeks ago

Russian Hackers Exploit WinRAR Zero-Day

RomCom Group Deployed SnipBot, RustyClaw and Mythic Agent VariantsA Russian speaking hacking group is exploiting a zero-day flaw in WinRAR, a sign of the group's growing sophistication and evolution from a cybercrime outfit into a cyberespionage operation. The campaign exploited a vulnerability now tracked as CVE-2025-8088, a path traversal vulnerability.

More from Bank Info Security 13 Aug 2025, 9:00 a.m. Actively exploited CVE-2025-8088 0-Day Advanced Persistent Threat CVE Exploit Flaw Hacking Russia Vulnerability

Bleeping Computer 9 months, 3 weeks ago

Details emerge on WinRAR zero-day attacks that infected PCs with malware

Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads. [...]

More from Bleeping Computer 12 Aug 2025, 6:05 a.m. Actively exploited CVE-2025-8088 0-Day CVE Hacking Infection Malware Report Research Russia Vulnerability

The Hacker News 1 year, 2 months ago

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp

More from The Hacker News 1 Apr 2025, 5:41 a.m. Actively exploited CVE-2025-26633 0-Day CVE Exploit Hacking Microsoft Patch Russia Threat Actor Vulnerability

Bleeping Computer 3 years, 2 months ago

Microsoft fixes Outlook zero-day used by Russian hackers since April 2022

Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations. [...]

More from Bleeping Computer 15 Mar 2023, 8:11 a.m. Actively exploited CVE-2023-23397 0-Day CVE Critical Infrastructure Europe Hacking Microsoft Military Patch Russia Vulnerability

Bleeping Computer 3 years, 11 months ago

Russian hackers start targeting Ukraine with Follina exploits

Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. [...]

More from Bleeping Computer 14 Jun 2022, 2:28 a.m. Actively exploited CVE-2022-30190 CVE Exploit Hacking Microsoft Remote Code Execution Russia Sandworm Tools Ukraine Vulnerability Warning